Could not be able to enter data in database - php

<html>
<head>
<title>Add New Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['add'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
if(! get_magic_quotes_gpc() ) {
$emp_name = addslashes ($_POST['emp_name']);
$emp_address = addslashes ($_POST['emp_address']);
}else {
$emp_name = $_POST['emp_name'];
$emp_address = $_POST['emp_address'];
}
$emp_salary = $_POST['emp_salary'];
$sql = "insert into employee(emp_name,emp_address, emp_salary)values('$emp_name','$emp_address','$emp_salary')";
mysqli_select_db($conn,"test_db");
$retval = mysqli_query($conn,$sql);
if(!$retval) {
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
}else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border = "0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">Employee Name</td>
<td><input name = "emp_name" type = "text"
id = "emp_name"></td>
</tr>
<tr>
<td width = "100">Employee Address</td>
<td><input name = "emp_address" type = "text"
id = "emp_address"></td>
</tr>
<tr>
<td width = "100">Employee Salary</td>
<td><input name = "emp_salary" type = "text"
id = "emp_salary"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "add" type = "submit" id = "add"
value = "Add Employee">
</td>
</tr>
</table>
</form>
<?php
}
?>
when I am trying to enter the value and pressing the submit button at this time I am not getting any error but I cannot be able to enter the value in database.
The problem is I am getting text as "Could not enter data: Table 'employee' is read only".Can anyone please help me to sort out this problem ?
I have created the database (test_db) and table (employee ) in wamp server.


Your problem is solved. Even though, I will strongly recommend you to use Prepared Statements, otherwise your code is open for SQL injection and possible quoting issues.
You're mixing mysql and mysqli. Stop it. Since you're using mysqli,
take advantage of prepared statements and bind_param, otherwise you're
open for SQL injection and possible quoting issues. – #aynber
Changes
Change die('Could not connect: ' . mysql_error()); To die('Could not connect: ' . mysqli_connect_error());
Change mysql_close($conn); To mysqli_close($conn);
Change action = "<?php $_PHP_SELF ?>" To action = "<?php echo $_SERVER['PHP_SELF']; ?>"
Use Prepared Statements.
Updated Code
<html>
<head>
<title>Add New Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['add'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$db = "test_db";
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $db);
if(! $conn ) {
die('Could not connect: ' . mysqli_connect_error());
}
$stmt = mysqli_prepare($conn, "INSERT INTO employee(emp_name,emp_address, emp_salary) VALUES (?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sss', $_POST['emp_name'], $_POST['emp_address'], $_POST['emp_salary']);
if(!mysqli_stmt_execute($stmt)) {
die('Could not enter data: ' . mysqli_error($conn));
}
echo "Entered data successfully\n";
mysqli_close($conn);
} else {
?>
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>">
<table width = "400" border = "0" cellspacing = "1" cellpadding = "2">
<tr>
<td width = "100">Employee Name</td>
<td><input name = "emp_name" type = "text" id = "emp_name"></td>
</tr>
<tr>
<td width = "100">Employee Address</td>
<td><input name = "emp_address" type = "text" id = "emp_address"></td>
</tr>
<tr>
<td width = "100">Employee Salary</td>
<td><input name = "emp_salary" type = "text" id = "emp_salary"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td><input name = "add" type = "submit" id = "add" value = "Add Employee"></td>
</tr>
</table>
</form>
<?php
}
?>
Quick Look
mysqli_stmt_bind_param
PHP_SELF
Table is 'read only' : [Solved]


I'm sure you user is not granted to enter data into you table
Please edit schema_name, and execute query on you DB:
GRANT ALL ON TABLE schema_name.employee TO root;
Also you can try without schema:
GRANT ALL ON TABLE employee TO root;

Related

php update accepts only numbers how to input text and numbers

Hi i use this php script to update some values in my database but it accepts only numbers when i put my email it says : Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#hotmail.com' at line 1
i want to update the values where by entering email and username
and increase the values because i have more than 5 values to update
any solution? :)
<html>
<head>
<title>Update a Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'root';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
$email = $_POST['email'];
$gold = $_POST['gold'];
$sql = "UPDATE userdata ". "SET gold = $gold ".
"WHERE email = $email" ;
mysql_select_db('chickenstories');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">Email : </td>
<td><input name = "email" type = "text"
id = "email"></td>
</tr>
<tr>
<td width = "100">Gold : </td>
<td><input name = "gold" type = "text"
id = "gold"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "update" type = "submit"
id = "update" value = "Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>

The problem is you are not putting email as string, you are passing it without escaping it, update this line:
$sql = "UPDATE userdata ". "SET gold = $gold ". "WHERE email = $email" ;
to Be:
$sql = "UPDATE userdata ". "SET gold = $gold ". "WHERE email = '$email'" ;
I also recommend you to escape all variable before putting them in database, to avoid SQL injection.

now it dont work again i have somewhere a syntax error on my query
Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'email = 'test#hotmail.com' and username = 'TestName'' at line 1
<html>
<head>
<title>Update a Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'root';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
$email = $_POST['email'];
$username = $_POST['username'];
$gold = $_POST['gold'];
$chickens = $_POST['chickens'];
$sql = "UPDATE userdata ". "SET gold = $gold, chickens = $chickens". "WHERE email = '$email' and username = '$username'" ;
mysql_select_db('chickenstories');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">Email : </td>
<td><input name = "email" type = "text"
id = "email"></td>
</tr>
<tr>
<td width = "100">Username : </td>
<td><input name = "username" type = "text"
id = "username"></td>
</tr>
<tr>
<td width = "100">Gold : </td>
<td><input name = "gold" type = "text"
id = "gold"></td>
</tr>
<tr>
<td width = "100">Chickens : </td>
<td><input name = "chickens" type = "text"
id = "chickens"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "update" type = "submit"
id = "update" value = "Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>

form in html and php not showing up on the screen

I am writing out a form in php,html... witch should normally update to my database but the form isnt showing up on the screen. Help!!! I am not a very expirianced coder so pleases if you could tell meif there is any other probleme with my code. Thanks :-)
<html>
<head>
<title>help</title>
</head>
<body>
<?php
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = '*********';
$dbpass = '*****';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysqli_error());
}
$Userid = $_POST['UserID'];
$TableID = $_POST['tableID'];
$Life_points = $_POST['Life_points'];
$xp_points = $_POST['xp_points'];
$sql = "UPDATE points SET TableID = " . $TableID . " WHERE UserID = ". $Userid . " AND life_points = " . $Life_points . " AND xp_points= " . $xp_points;
mysqli_select_db('womath');
$retval = mysqli_query( $conn, $sql );
<?php echo $_SERVER['PHP_SERVER'] ?>
if(! $retval ) {
die('Could not update data: ' . mysqli_error());
}
echo "Updated data successfully\n";
mysqli_close($conn);
} else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1" cellpadding = "2">
<tr>
<td width = "100">UserID</td>
<td><input name = "UserID" type = "number" id = "UserID"></td>
</tr>
<tr>
<td width = "100">TableID</td>
<td><input name = "TableID" type = "number" id = "TableID"></td>
</tr>
<tr>
<td width = "100">life_points</td>
<td><input name = "life_points" type = "number" id = "life_points"></td>
</tr>
<tr>
<td width = "100">xp_points</td>
<td><input name = "xp_points" type = "number" id = "xp_points"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td><input name = "update" type = "submit" id = "update" value = "Update"></td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>

You have issued a query to the database for compilation and execution before you have told MYSQL which database you are trying to gain access to.
The mysqli_select_db('womath'); must happen before your first query
In fact that function is more for use when you want to switch from one database to another during a scripts execution, you can add the database name to the
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
like this
$conn = mysqli_connect($dbhost, $dbuser, $dbpass,'womath');
line if you like and forget about the line
mysqli_select_db('womath');
completely.
<html>
<head>
<title>help</title>
</head>
<body>
<?php
ini_set('display_errors', 1);
ini_set('log_errors',1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = '*********';
$dbpass = '*****';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass,'womath');
// --------------------------^^^^^^^^
if(! $conn ) {
die('Could not connect: ' . mysqli_error());
}
// move this calll to here or add database to the connect line
//mysqli_select_db('womath');
$Userid = $_POST['UserID'];
$TableID = $_POST['tableID'];
$Life_points = $_POST['Life_points'];
$xp_points = $_POST['xp_points'];
$sql = "UPDATE points SET TableID = '$TableID'
WHERE UserID = '$Userid'
AND life_points = '$Life_points'
AND xp_points = '$xp_points'";
$retval = mysqli_query( $conn, $sql );
// this following line also need a `;`
echo $_SERVER['PHP_SERVER'];
if(! $retval ) {
die('Could not update data: ' . mysqli_error());
}
echo "Updated data successfully\n";
mysqli_close($conn);
// remove this else, as with it in place
// you only show the form when you are NOT updating the database
// }else {
// just terminate the IF so the form will show after an update
// AND when page is first loaded and there is no user input
}
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">UserID</td>
<td><input name = "UserID" type = "number"
id = "UserID"></td>
</tr>
<tr>
<td width = "100">TableID</td>
<td><input name = "TableID" type = "number" id = "TableID"></td>
</tr>
<tr>
<td width = "100">life_points</td>
<td><input name = "life_points" type = "number" id = "life_points"></td>
</tr>
<tr>
<td width = "100">xp_points</td>
<td><input name = "xp_points" type = "number" id = "xp_points"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "update" type = "submit" id = "update" value = "Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
Your script is at risk of SQL Injection Attack
Have a look at what happened to Little Bobby Tables Even
if you are escaping inputs, its not safe!
Use prepared parameterized statements

Cant find my Url adress or there is something wrong with my programming

I have created a database (on phpmyadmin) and a form using php and html but I can't seem to find my databases URL address or there is something very wrong with my form... and It is saying Error -1 - Bridge response error, please check the API docs or this ajax response. What does it mean?
Here is the code:
<html>
<head>
<title>Database</title>
</head>
<body>
<?php
if(isset($_POST['update'])) {
$dbhost = localhost;'localhost:id674442_wommath';
$dbuser = 'root';
$dbpass = 'passroot';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
$fir_name = $_POST['fir_name'];
$sur_name = $_POST['sur_name'];
$li_points = $_POST['li_points'];
$xp_points = $_POST['xp_points'];
$sql = "UPDATE First_name ". "SET Sur_name = $sur_name ".
"WHERE fir_name= $fur_name" ;
mysql_select_db('test_db');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">First_Name</td>
<td><input name = "fir_name" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">Surname</td>
<td><input name = "sur_name" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">life_points</td>
<td><input name = "li_points" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">xp_points</td>
<td><input name = "xp_points" type = "text"
id = "emp_salary"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "update" type = "submit"
id = "update" value = "Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
Please help!(my students want their website finished!!)

I have updated the code, there were lot of errors in the code. Also, if you are using php7, always use mysqli not only mysql.
<html>
<head>
<title>Database</title>
</head>
<body>
<?php
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'passroot';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysqli_error());
}
$fir_name = $_POST['fir_name'];
$sur_name = $_POST['sur_name'];
$li_points = $_POST['li_points'];
$xp_points = $_POST['xp_points'];
$sql = "UPDATE First_name SET Sur_name = '".$sur_name."' WHERE fir_name= '".$fir_name."'";
mysqli_select_db('test_db');
$retval = mysqli_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysqli_error());
}
echo "Updated data successfully\n";
mysqli_close($conn);
}
else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">First_Name</td>
<td><input name = "fir_name" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">Surname</td>
<td><input name = "sur_name" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">life_points</td>
<td><input name = "li_points" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">xp_points</td>
<td><input name = "xp_points" type = "text"
id = "emp_salary"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "update" type = "submit"
id = "update" value = "Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>

Check this line
$dbhost = localhost;'localhost:id674442_wommath';
Why is there semicolon?
Set $dbhost to "localhost" and it will work.

The problem is about your $dbhost parameter .
You must set it correct value.
And if you can share more details helping will be easy to you .
If you are working on localhost use must write something like this :
$dbhost = 'localhost'; or $dbhost = '127.0.0.1';
And make sure your Apache server is using port 80 and if its different you must write it after the localhost or ip like this :
$dbhost = 'localhost:port number'; or $dbhost = '127.0.0.1:port number';

My php code is not inputting data to mySQL and giving me no feedback

I am not sure why my database is not receiving information from my website. Also, no error messages are popping up so I'm not sure the data is going anywhere at all. It appears to be letting me connect to the database, but when I click add employee I just get a blank page. Any suggestions?
EDIT: I have changed my code to only input one variable, but am still only returning a blank page.
<html>
<head>
<title>Add New Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['add'])) {
$dbhost = '';
$dbuser = 'j';
$dbpass = 'os';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
if(! get_magic_quotes_gpc() ) {
$emp_name = addslashes ($_POST['employee_name']);
} else {
$emp_name = $_POST['employee_name'];
}
$sql = "INSERT INTO employee ". "(employee_name) ". "VALUES('$emp_name')";
mysql_select_db('test_db');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
} else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border = "0" cellspacing = "1" cellpadding = "2">
<tr>
<td width = "100">
Employee Name
</td>
<td>
<input name = "employee_name" type = "text" id = "employee_name">
</td>
</tr>
<tr>
<td width = "100">
</td>
<td>
</td>
</tr>
<tr>
<td width = "100">
</td>
<td>
<input name = "add" type = "submit" id = "add" value = "Add Employee">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>

$sql = "INSERT INTO employee ". "(employee_name) ". "VALUES('$emp_name', NOW())";
You are passing 2 values in the sql, but only specifying one column. employee_name
you probably need to either remove the NOW() value or add another column (employee_name, date_added)
$sql = "INSERT INTO employee ". "(employee_name) ". "VALUES('$emp_name')";
$sql = "INSERT INTO employee ". "(employee_name, date_added) ". "VALUES('$emp_name', NOW())";

Why won't my php form work submitting to my sql database

<html>
<head>
<title>Add a New Open Mic</title>
</head>
<body>
<?php
if(isset($_POST['add'])) {
$servername = "localhost";
$username = "*";
$password = "*";
$dbname = "mlcarelo_wrdp2";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(! get_magic_quotes_gpc() ) {
$State= addslashes ($_POST['State']);
$City= addslashes ($_POST['City']);
$Place= addslashes ($_POST['Place']);
$Address= addslashes ($_POST['Address']);
$Day= addslashes ($_POST['Day']);
$Time= addslashes ($_POST['Time']);
$Host= addslashes ($_POST['Host']);
$Contact= addslashes ($_POST['Contact Information']);
}else {
$State= addslashes ($_POST['State']);
$City= addslashes ($_POST['City']);
$Place= addslashes ($_POST['Place']);
$Address= addslashes ($_POST['Address']);
$Day= addslashes ($_POST['Day']);
$Time= addslashes ($_POST['Time']);
$Host= addslashes ($_POST['Host']);
$Contact= addslashes ($_POST['Contact Information']);
}
$sql = "INSERT INTO 'responses' (State,City, Place,
Address, Day, Time, Host, Contact Information)VALUES('$State','$City','$Place', '$Address', '$Day', '$Time', '$Host', '$Contact');
mysql_select_db('mlcarelo_wrdp2');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
}else {
}
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border = "0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">State</td>
<td><input name = "State" type = "text"
id = "State"></td>
</tr>
<tr>
<td width = "100">City</td>
<td><input name = "City" type = "text"
id = "City"></td>
</tr>
<tr>
<td width = "100">Place</td>
<td><input name = "Place" type = "text"
id = "Place"></td>
</tr>
<tr>
<td width = "100">Address</td>
<td><input name = "Address" type = "text"
id = "Address"></td>
</tr>
<tr>
<td width = "100">Day</td>
<td><input name = "Day" type = "text"
id = "Day"></td>
</tr>
<tr>
<td width = "100">Time</td>
<td><input name = "Time" type = "text"
id = "Time"></td>
</tr>
<tr>
<td width = "100">Host</td>
<td><input name = "Host" type = "text"
id = "Host"></td>
</tr>
<tr>
<td width = "100">Contact Information</td>
<td><input name = "Contact Information" type = "text"
id = "Contact Information"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
</table>
</form>
<?
</body>
</html>
How can I get my form to work so users may input information and submit it to enter into the sql database? I don't realy understand Form= action. I am using wordpress. I have successfully pulled tables to display from my database so I know that my beginning of php coding is correct and the query should be correct.

You are mixing mysql_ and mysqli_. Use mysqli_ only:
$sql = "INSERT INTO responses (State, City, Place, Address, Day, Time, Host, ContactInformation) VALUES ('$State', '$City', '$Place', '$Address', '$Day', '$Time', '$Host', '$Contact')";
$retval = mysqli_query($conn, $sql);
if(! $retval ) {
die('Could not enter data: ' . mysqli_error());
}
echo "Entered data successfully\n";
mysqli_close($conn);
Also there are several syntax errors in your query, e.g. table names aren't enclosed by ' '. Note that you don't need to use mysqli_select_db, you are doing this within you connection string already. I'm sure your column Contact Information doesn't have a whitespace in your table, so you'll need to correct this, too. I've used ContactInformation, make sure this is correct.
SIDENOTE:
Inserting data this way is wide open to sql-injection. Use prepared statements instead!!

Categories